    def testCertificateCache(self):
        pemRoot = '''-----BEGIN CERTIFICATE-----
MIIDpzCCAxCgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBmjELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRowGAYDVQQKExFv
c2Fmb3VuZGF0aW9uLm9yZzELMAkGA1UECxMCQ0ExEDAOBgNVBAMTB09TQUYgQ0Ex
KzApBgkqhkiG9w0BCQEWHGhvc3RtYXN0ZXJAb3NhZm91bmRhdGlvbi5vcmcwHhcN
MDQwNjAyMjEzNTIzWhcNMjkwNTI3MjEzNTIzWjCBmjELMAkGA1UEBhMCVVMxCzAJ
BgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRowGAYDVQQKExFvc2Fm
b3VuZGF0aW9uLm9yZzELMAkGA1UECxMCQ0ExEDAOBgNVBAMTB09TQUYgQ0ExKzAp
BgkqhkiG9w0BCQEWHGhvc3RtYXN0ZXJAb3NhZm91bmRhdGlvbi5vcmcwgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBAMvKQY9ElPz4UOhYwKPhbHpSzxxGXxQHiOGu
QDV9HuTaTD53cs4xhTau5nLrbqR6qkOpaxgq4+xGZGXwwdrl6vABXGamBAIS8U+C
IoxMZmdi1zNCHpALjrUOr5zG+l5lbxKMzzfbBgz0EvnxdyUW3JzWlFA7gtKwNeq9
8BbIVNIRAgMBAAGjgfowgfcwHQYDVR0OBBYEFFAUmTv7d1YAmmssTPTcaE3FWgdL
MIHHBgNVHSMEgb8wgbyAFFAUmTv7d1YAmmssTPTcaE3FWgdLoYGgpIGdMIGaMQsw
CQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28x
GjAYBgNVBAoTEW9zYWZvdW5kYXRpb24ub3JnMQswCQYDVQQLEwJDQTEQMA4GA1UE
AxMHT1NBRiBDQTErMCkGCSqGSIb3DQEJARYcaG9zdG1hc3RlckBvc2Fmb3VuZGF0
aW9uLm9yZ4IBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4GBAAdPk2l4
bQBw41mQvTLGFVUx89oEqmlW8fMh06/PhNyKPvA+Ip/HL4fl71A8aGYINA2KGQeE
Mi6jbcmKpkTked0C7KzayFkggv/SZtmeibzOjQJbO5WQCRgYuF9t7Rijk7oiAt3U
3rOIG1GsNPeKaSKyc+Bpqd9phY+fPNsZf8b4
-----END CERTIFICATE-----'''

        self.assert_(ssl.certificateCache == [], 'cache should start empty')

        ssl.getContext(self.view) # set cache
        self.assert_(ssl.certificateCache != [], 'cache should have an entry after getting a context')

        x509 = X509.load_cert_string(pemRoot)
        fingerprint = utils.fingerprint(x509)
        cert = certificate.importCertificate(x509,
                                             fingerprint,
                                             constants.TRUST_AUTHENTICITY | constants.TRUST_SERVER,
                                             self.view)
        self.assert_(ssl.certificateCache == [], 'cache should have been cleared after adding a cert')

        ssl.getContext(self.view) # set cache
        cert.trust = 0
        self.assert_(ssl.certificateCache == [], 'cache should have been cleared after changing cert.trust attribute')

        ssl.getContext(self.view) # set cache
        del cert.trust
        self.assert_(ssl.certificateCache == [], 'cache should have been cleared after deleting cert.trust attribute')

        ssl.getContext(self.view) # set cache
        cert.delete()
        self.assert_(ssl.certificateCache == [], 'cache should have been cleared after removing a cert')

    def testCertificateVerification(self):
        ctx = ssl.getContext(self.view)
        conn1 = SSL.Connection(ctx)
        #conn2 = SSL.Connection(ctx)#XXX Why can't I reuse the connection?

        if socket.getdefaulttimeout() is not None:
            # A workaround for M2Crypto bug 2341. If Chandler
            # unit tests are run with run_tests.py, the feedparser
            # calls socket.setdefaulttimeout() which will break
            # this test case. But since we are just testing to make
            # sure that:
            #   1) SSL certificate verification works and
            #   2) post connection check works
            # we can safely force this test to run in blocking mode.
            #
            # Also, the SSL.Connection code is not used in Chandler.
            # In Chandler we use TwistedProtocolWrapper, which
            # works even when socket.setdefaulttimeout() has been
            # called.
            # XXX We should really test it here, but we first need
            # XXX to figure out how to run these kinds of twisted tests
            # XXX because reactor.run()/stop() can be called only once
            # XXX in a program.
            conn1.setblocking(1)
            #conn2.setblocking(1)

        if not self.isOnline():
            return

        # We wrap the connect() in try/except and filter some common
        # network errors that are not SSL-related.
        try:
            self.assert_(conn1.connect(('www.thawte.com', 443)) >= 0)
            conn1.clear()
            #self.assertRaises(SSL.SSLError, conn2.connect, ('bugzilla.osafoundation.org', 443))
            #conn2.clear()
        except socket.gaierror as e:
            if e.args[0] == 7: #'No address associated with nodename'
                return
            if e.args[0] == -3: #'Temporary failure in name resolution'
                return
            raise